Client performs structured MongoDB deployment reconnaissance by first initiating a standard driver handshake (ismaster / hello) disclosing client runtime and platform metadata (PyMongo, CPython, Linux x86_64), followed by an advanced topology-aware handshake request against the admin database including topologyVersion tracking and long-poll await semantics. This sequence reflects automated driver-level service validation and replica-set / cluster state discovery activity commonly associated with scanning frameworks, monitoring tooling, or pre-enumeration reconnaissance workflows preparing for deeper database interaction.

Remote client performs an initial MongoDB wire-protocol handshake using the ismaster / hello command while disclosing detailed driver and host fingerprint metadata (PyMongo driver, CPython runtime, Linux x86_64 kernel). This behavior reflects early-stage service discovery and environment profiling typically performed by automated scanners, exploitation frameworks, or reconnaissance tooling to validate MongoDB exposure, determine protocol compatibility, and prepare for subsequent enumeration or unauthorized database interaction.